Cisco Layer 3 Switch NAT and ACL Lab

Requirements:
1. Allow pc0 to access server1, but block ping
2. Deny pc1 access to server1, but allow ping
3. Deny server1 access to server0
First, configure the Layer 3 switch
switch 0:
vlan 10
int f0/2
sw mode acc
sw acc vlan 10
ex
int f0/1
sw mode trunk
sw trunk allowed vlan all
switch 1: same approach
Layer 3 switch configuration
int vlan 10
int vlan 20

Ping between the two hosts

Configure vlan 40 and the default route

Router 0:
int g0/0
ip add 192.168.40.2 255.255.255.0
no shut
int g0/1
ip add 10.10.10.1 255.255.255.0
no shut
ip route 192.168.0.0 255.255.0.0 192.168.40.2
Configure NAT
ip nat inside source static tcp 192.168.30.1 80 10.10.10.3 80
acc 1 permit 192.168.0.0 0.0.255.255
ip nat pool 1 10.10.10.4 10.10.10.10 net 255.255.255.0
int g0/0
ip nat inside
int g0/1
ip nat outside
ex
ip nat inside source list 1 pool 1
ip route 76.12.0.0 255.255.0.0 10.10.10.2
router 1: configure the gateway
Check that the devices can reach each other

Configure ACLs
On Router 0
Configure the ACL
1. Allow pc0 to access server1, but block ping
2. Deny pc1 access to server1, but allow ping
acc 101 deny icmp host 192.168.10.1 host 76.12.96.1
acc 101 permit ip host 192.168.10.1 host 76.12.96.1
acc 101 permit icmp host 192.168.20.1 host 76.12.96.1
acc 101 deny ip host 192.168.20.1 host 76.12.96.1
acc 101 permit ip any any
int g0/0
ip acc 101 in
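ACL entries are evaluated top-down and the first match wins, so the order of the Router 0 entries above is what makes requirements 1 and 2 hold. The following is an added example, not part of the original post: a small first-match evaluator run over those entries and over a constructed copy with the first two entries swapped. It assumes that 192.168.10.1 is pc0, 192.168.20.1 is pc1 and 76.12.96.1 is server1, and it matches on protocol and addresses only.

```python
import ipaddress

# Router 0's ACL 101 as typed on this page (typos corrected).
ACL_101 = [
    "acc 101 deny icmp host 192.168.10.1 host 76.12.96.1",
    "acc 101 permit ip host 192.168.10.1 host 76.12.96.1",
    "acc 101 permit icmp host 192.168.20.1 host 76.12.96.1",
    "acc 101 deny ip host 192.168.20.1 host 76.12.96.1",
    "acc 101 permit ip any any",
]
# Constructed counter-example: the first two entries swapped.
SWAPPED = [ACL_101[1], ACL_101[0]] + ACL_101[2:]
# Assumed from the requirement order: which host each address belongs to.
PC0, PC1, SERVER1 = "192.168.10.1", "192.168.20.1", "76.12.96.1"

def _ip(addr):
    return int(ipaddress.IPv4Address(addr))

def _matches(addr, base, wildcard):
    # Wildcard mask: 0 bits must match, 1 bits are ignored.
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)

def parse_rule(line):
    """Split 'acc N action proto src dst'; an address is 'host A', 'any' or 'A WILDCARD'."""
    action, proto, *rest = line.split()[2:]
    addrs = []
    while rest:
        if rest[0] == "any":
            addrs.append(("0.0.0.0", "255.255.255.255"))
            rest = rest[1:]
        elif rest[0] == "host":
            addrs.append((rest[1], "0.0.0.0"))
            rest = rest[2:]
        else:
            addrs.append((rest[0], rest[1]))
            rest = rest[2:]
    return action, proto, addrs[0], addrs[1]

def evaluate(acl, proto, src, dst):
    """Return the action of the first matching entry; no match is the implicit deny."""
    for line in acl:
        action, rule_proto, s, d = parse_rule(line)
        if rule_proto in ("ip", proto) and _matches(src, *s) and _matches(dst, *d):
            return action
    return "deny"

if __name__ == "__main__":
    for name, acl in (("ACL_101", ACL_101), ("SWAPPED", SWAPPED)):
        print(name, "pc0 ping ->", evaluate(acl, "icmp", PC0, SERVER1))
```

With the entries swapped, the broader `permit ip` entry matches pc0's ICMP traffic first and the `deny icmp` entry is never reached.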
On Router 1
3. Deny server1 access to server0
acc 101 deny ip host 76.12.32.1 host 12.12.12.3
acc 101 permit ip any any
int g0/2
ip acc 101 in
Allow pc0 to access server1, block ping


Deny pc1 access to server1, allow ping


Deny server1 access to server0


Please credit the source when reposting. Link to this article: https://www.uj5u.com/qita/12088.html
